password security

Discussion in 'Tech Talk' started by wallyglock, Oct 16, 2008.

  1. wallyglock

    wallyglock

    519
    0
    Mar 1, 2005
    in.
    i am only an occasional computer user and am not at all big into computers.

    a friend got me to thinking... he says it is possible to get anyone's password and tap into their mail. i have no idea if this is true or not, and i am not sure if he has ever done this.
    he does know his way around a computer very well.

    maybe there IS a way to accomplish this, but i would think this should be protected somehow! :dunno:

    any opinions ?
     
  2. It is possible to get anyone's password...how long that would take is the question. Simple passwords are easier to crack with freely available programs. Complex passwords, especially those that are longer and don't use common words, will take longer.

    Using passwords that contain upper and lower case letters, numbers and special characters is the better way to go. Don't make your passwords something that can be easily identifiable to you: your dog's name, type of car you drive etc...
     


  3. sdsnet

    sdsnet NRA Member CLM

    3,127
    18
    Feb 8, 2007
    Texas
    One way to add complexity to your passwords is to take a word you can remember and substitute zeros for O's, 3's for E's, ones for L's etc. w1nt3r instead of winter for example.
     
  4. Sgt. Schultz

    Sgt. Schultz Annoying Member

    If your e-mail program is Windows based then it is so simple to get your password that it’s scary. There are several programs available that will display the actual password by moving your mouse pointer over the “hidden” password. Windows shows them as asterisks but the passwords are not really hidden and these fields can be queried for the text inside them.
     
  5. "Getting" a password is one thing; guessing a password, or the answer to a security question is completely different.

    It's true there is software available for almost any purpose, nefarious or otherwise, but in most cases it's not necessary to get the p-word, only SWAG your way into the account. Too many people use their name, DOB, relative name, etc. for security. They also use the same password for every account they might need to access.

    They do a similar thing with a security question such as "What's your mother's maiden name?" They supply the actual maiden name rather than make up a nonsense answer.

    I once had a boss, the CIO/CTO no less, who sent an email to the entire company regarding passwords. This is almost verbatim what he stated:

    If you are like me you suffer from information overload. Going forward we will be requiring regularly scheduled password changes to all of the accounts you access, so I suggest you make it simple on yourself and use the same password for all accounts.

    My suggestion is a password that includes mixed case, numbers as well as letters, and at least one special character. Do not use the same pword for all of your accounts unless you do not care if someone accesses the account. Finally, make up a "password" for all security questions.

    E.g. "What's your mother's maiden name?"
    Answer: ScREaming0YellowZonKer$
     
  6. Rémy

    Rémy

    246
    0
    Apr 13, 2008
    Austria
    Depends what mail connection you use.
    If it's a secure connection it's pretty complex... if it's a normal connection then some experienced guys can read your mails.

    But you know what?
    Guys who can do this aren't interested in your or my mails :).

    If you use a Mac then there's a built in password generator and a special and secure place to store your passwords (complex is good for safety but bad to remember :) ).
     
  7. ax157

    ax157 Libertarian

    903
    0
    Oct 14, 2003
    It is possible in the sense that if all that's protecting you is a password, it's always "possible" to get that password. He could point a gun at your head and try and force you to give up the password. So what we're really talking about is security from a technical side.

    From a technical point of view, it is NOT true that you can break into anybody's account/get anybody's password. It is all a matter of circumstance and opportunity.

    If the mail provider you have is secure, and your password can not be easily guessed, and is not simple in nature (for example, you may not guess the password "2342", but it's possible given the right situation for a computer to guess that password by random trial and error), and the line or contents of communication between your computer and your mail provider is secure, and your computer itself is secure, then it will be virtually impossible for someone to get access to your mail.

    You seem to be asking that if it's possible to get anyone's or most people's password or e-mail then why isn't it more protected. The truth is that generally, it is protected. It's just that the vast majority of the time when someone gets their computer or e-mail "hacked", the problem was in their actions or choices.

    Take the recent hacking of Sarah Palin's e-mail. That wasn't all that technical a feat; I believe someone just knew the answer to her password recovery question.

    Hope that gives you a better understanding.
     
  8. My thoughts on this coming from a unix background and admin for over 12 years;

    1: passwords should be changed regularly, like every month to each quarter. The reason why: if somebody did get your encrypted password and you changed it every month or sooner for example, by the time they cracked it (if it was a strong password to begin with), the password would be of no good.

    And just like mentioned above, don't use the same password for all accounts. I worked in security groups where you sniff out a person's "at work" password and then figure out their hotmail or ebay/paypal account and after a few trial-errors with their login name, you now have access to these other accounts.

    If I was internet god and master admin, your login wouldn't even be in any relationship to your name (i.e. msmith@yourcompany.com would now be m3456thyjk1l)


    2: Passwords should be 8-10 characters with at least one special char (i.e. ^$#@), two is better, and at least one upper case and numbers, two is better.

    3: don't use anything that sends credentials in the clear (telnet, POP, imap); instead opt for services that support encryption (ssh, imap-ssl, etc...)

    4: Any website that takes personal/privacy information needs to be https: vs. http:

    5: remote access should be thru some type of vpn (pptp/ipsec/open-vpn, ssl-vpn)

    6: opt for security token/cards with rotating keys and a 4 digit PIN or one time use passwords.

    fwiw:
    You deploy that or use services like that and you would be 100% safe.


    note:

    As a Solaris and Linux admin, I used to grab password files off these systems and even windows and run various cracking tools against users to see what password they were using or to see if they could be cracked with easy word-based attacks. You would be surprised to see what people use ;)
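
A check a site or admin could run when a password is set, combining the composition rules listed in the post above with a dictionary lookup that undoes look-alike substitutions such as w1nt3r. This is an added example, not part of any post in the thread; the word list, substitution table, function names and sample passwords are constructed for illustration.

```python
import string

# Constructed sample list; a real check would load a full dictionary plus
# a list of known-breached passwords.
WORDS = {"winter", "summer", "password", "dragon", "glock"}

# Look-alike characters and the letters they commonly stand in for.
SUBS = {"0": "o", "1": "il", "3": "e", "4": "a", "5": "s",
        "7": "t", "@": "a", "$": "s", "!": "i"}


def reads_as(chunk, word):
    """True if chunk spells word once look-alike characters are undone."""
    return all(w == c or w in SUBS.get(c, "") for c, w in zip(chunk, word))


def hidden_words(password):
    """Dictionary words found anywhere in the password, substituted or not."""
    pw = password.lower()
    found = set()
    for word in WORDS:
        # Slide a window of the word's length across the password.
        for i in range(len(pw) - len(word) + 1):
            if reads_as(pw[i:i + len(word)], word):
                found.add(word)
    return sorted(found)


def audit(password, min_length=8):
    """Return a list of findings; an empty list means no rule was violated."""
    findings = []
    if len(password) < min_length:
        findings.append("too short")
    if not any(c in string.ascii_uppercase for c in password):
        findings.append("no upper case")
    if not any(c in string.digits for c in password):
        findings.append("no digit")
    if not any(c in string.punctuation for c in password):
        findings.append("no special character")
    for word in hidden_words(password):
        findings.append("contains dictionary word: " + word)
    return findings


if __name__ == "__main__":
    # Constructed sample passwords, not taken from any real account.
    for candidate in ["w1nt3r", "W1nt3r!9", "P@ssw0rd2008", "tR7#qVz9Lp"]:
        print(candidate, "->", audit(candidate) or "no findings")
```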
     
  9. nursetim

    nursetim

    13,955
    6,445
    Mar 1, 2006
    liberalville N. M.
    Is there technology out there that fits this description? 1) external thumb drive 2) for every site that requires a password it automatically changes it every visit 3) randomly generates new password and remembers it for next visit then changes the password again?
     
  10. IWUprof

    IWUprof

    22
    0
    Dec 19, 2007
    TN
    Try using Password Safe. I have used it for a number of years and am very satisfied with it. You can change passwords easily and use the program to generate them on a random basis using your parameters; e.g. special characters, caps, number of characters, etc. You can also use the program on different computers using a jump drive. Address is http://passwordsafe.sourceforge.net
     
  11. cnutco

    cnutco

    693
    0
    Jul 8, 2008
    NE GA
    Not my thread, but wanted to thank all for the info and the advice!
     
  12. None that I'm aware of. It would then require you to "secure" the thumbdrive.

    If you wanted to do all of that, you should have some type of integration with biometrics like a "fingerprint" reader, then when you access the site, it will authenticate once your print is scanned and verified.
     
  13. nursetim

    nursetim

    13,955
    6,445
    Mar 1, 2006
    liberalville N. M.
    noway, Okay, sounds good sign me up.
    IWUprof, That looks like what I'm looking for, but I'm looking for plug in hardware like device.
     
  14. IWUprof

    IWUprof

    22
    0
    Dec 19, 2007
    TN
    Check out the web site again. You can use the program on a jump drive that you plug into whichever computer you are using. I don't use it in that manner but the feature is listed as available.